Skip to content
Patient Copilot Help Center

Private Integrations: Everything you need to know

      • What are Private Integrations? Private Integrations allows you to build powerful custom integrations between your Patient Copilot account and any other third-party app. If you are looking to integrate your Patient Copilot account with a third-party app, you have two options: - Find and install the relevant app from the App Marketplace

  • Build your own private integration by yourself or with the help of a developer using APIs. Private Integrations helps you achieve #2 securely. The key advantages of using Private Integrations are: - Simple: Generate Private Integration tokens from your account settings and manage them with ease.
  • Secure: You get to restrict the scopes/permissions that a developer can access on your account Private Integrations are available for both Agencies and Sub-Accounts. To know more about the sub-accounts’ Private Integrations feature, click here. * * * ## What’s the difference between Private Integrations and API Keys? Private Integrations, to put it simply, is more powerful yet secure alternative to API Keys.

    Private Integrations

    API Keys

    More Secure: You get to restrict the scopes/permissions that a developer can access on your account Less Secure: A developer gets unrestricted access to all your account data 
    State-of-the-art: Private Integrations allows you to access API v2.0, which is state of the art.Outdated: API Keys work on API v1.0, which has reached end-of-life and is no longer maintained.
    More Features: API v2.0 has more powerful APIsFewer Features: API v1.0 has limited APIs
    * * * ## What’s the difference between Private Integrations and OAuth2 Access Tokens? Private Integrations, to put it simply, is static/fixed OAuth2 Access Tokens.

    Private Integrations

    Access Tokens

    Generated from the UI: The Private Integration token can be generated easily from the UI.Programmatic Generation: API Tokens are generated by exchanging an OAuth access code for the tokens using Get Access Token API.
    Static/Fixed: Private Integration Tokens are static/fixed and do not automatically refresh unless you rotate them from the UI.Refreshed Daily: Access Tokens expire daily and need to be refreshed.
    * * * ## How do I use Private Integrations? Private Integration tokens are used in the Authorisation header, just like other Access Tokens. For example, to get a location’s details, you can use Get Sub-account API with the Agency’s Private Integration Token in the Authorisation header. curl —request GET \ —url https://services.leadconnectorhq.com/locations/ve9EPM428h8vShlRW1KT \ —header ‘Accept: application/json’ \ —header ‘Authorization: ’ \ —header ‘Version: 2021-07-28’ * * * ## Testing a Private Integration with API Calls Once your Private Integration is created, you may want to test it by pushing data to an API endpoint. you will need the correct API endpoint URL to do this. Here’s an example of how to test the integration by adding a new contact: curl —request POST \ —url https://services.leadconnectorhq.com/contacts/ \ —header ‘Authorization: ’ \ —header ‘Content-Type: application/json’ \ —header ‘Version: 2021-07-28’ \ —data ’{ “firstName”: “John”, “lastName”: “Doe”, “email”: “[email protected]”, “phone”: “+1234567890”, “locationId”: “LOCATION_ID” }’ Make sure to: - Replace LOCATION_ID with the actual sub-account ID.
  • Replace Authorization value with your generated Private Integration token. For a full list of available endpoints and testing capabilities, visit our official developer documentation: https://developers.patientcopilot.ai * * * ## How do I manage Private Integrations? ### Who can create Private Integrations? By default, all agency admins can create and manage Private Integrations. However, you can restrict this permission at a user level. To do this, Navigate to Settings > Team > Edit the specific agency admin > Roles & Permissions, and enable/disable Private Integrations for the agency admin. You may apply the restrictions at two levels: 1. Allow the agency admin to view and manage the agency’s private integrations
  1. Allow the agency admin to view and manage the sub-accounts’ private integrations ###!(https://assets.patientcopilot.ai/1d10e9f64aca0af6.png) * * * ## Where can I find Private Integrations? You can find Private Integrations under agency settings. If you don’t find it under settings, please make sure that you have enabled the feature on Labs.!(https://assets.patientcopilot.ai/2123d928fbb7575a.png) * * * ## How do I create a new Private Integration? Step 1: Click on “Create new Integration”!(https://assets.patientcopilot.ai/012b641e482c9483.png) Step 2: Give your Private Integration a name and description to help you and your team identify what it’s for.!(https://assets.patientcopilot.ai/c601d92656e37389.png) Step 3: Select the scopes/permissions that you want the private integration to have access to on your agency account. Ensure that you are selecting only the required scopes for better data security.!(https://assets.patientcopilot.ai/8f008d6ce41d02d6.png) Please ensure that you are sharing the token with trusted parties only. Do not share it publicly. Note: Don’t forget to copy the token generated as you won’t be able to do it again later.!(https://assets.patientcopilot.ai/45e33c03aedb38c4.png) * * * ## What are some best practices to maintain the security of my private integration token? We recommend that you rotate your Private Integration tokens every 90 days. Here’s how you can do it. Step 1: Navigate to Private Integrations under settings, and click on the Private Integration you have created.!(https://assets.patientcopilot.ai/8e3b95a39dd71fdd.png) Step 2: Click on “Rotate and expire this token later”.!(https://assets.patientcopilot.ai/28245cef66d990a0.png) Step 3: Click “Continue” in response to the warning message if you are sure that you want to proceed with rotation.!(https://assets.patientcopilot.ai/d10c2be0fccd4e37.png) Step 4: Copy the new token and update it on your third-party app. You will have a 7-day window where both the old and the new tokens will continue to work. After 7 days, the old token will expire. In this 7-day window, you will have the option to: - “Cancel rotation” if, for example, your developer needs more time to update the token on the third-party app.